August 31, 2024 at 12:06PM North Korean threat actors exploited a recently patched security flaw in Google Chrome and Chromium web browsers to deploy the FudModule rootkit. Microsoft attributed this activity to a group known as Citrine Sleet, part of the Lazarus Group, targeting financial institutions involved in cryptocurrency. The attack involved a zero-day exploit … Read more
August 30, 2024 at 01:06PM North Korean hackers utilized a patched Google Chrome zero-day to distribute the FudModule rootkit, gaining SYSTEM privileges through a Windows Kernel exploit. Microsoft attributed the attacks to the North Korean threat actor Citrine Sleet, known for targeting the cryptocurrency sector for financial gain. The group is also associated with other … Read more
August 19, 2024 at 11:37PM The North Korean Lazarus hacking group exploited a zero-day flaw in Windows AFD.sys driver to install the FUDModule rootkit on targeted systems. Microsoft fixed the flaw (CVE-2024-38193) in August 2024, along with seven other zero-day vulnerabilities. Gen Digital warned about the activities and targeting of the notorious group, which is … Read more
April 25, 2024 at 01:51PM The Lazarus Group utilized job lures to distribute the Kaolin RAT, enabling deployment of the FudModule rootkit. This advanced operation, deemed overkill by Avast, involves a multi-stage sequence to ultimately establish communications with the RAT’s C2 server. The malware is capable of various operations including file manipulation and process execution, … Read more
February 29, 2024 at 07:09AM The Lazarus Group exploited a zero-day privilege escalation flaw in the Windows Kernel, gaining kernel-level access and disabling security software. Microsoft patched the vulnerability (CVE-2024-21338) as part of Patch Tuesday updates. The group used an in-the-wild admin-to-kernel exploit, allowing them to run the FudModule rootkit, bypass security checks, and disable … Read more
February 28, 2024 at 12:26PM The Lazarus Group exploited a zero-day flaw in the Windows AppLocker driver to gain kernel-level access and disable security tools. Avast analysts reported the activity, leading to a fix by Microsoft (CVE-2024-21338). The new FudModule rootkit by Lazarus includes advanced evasion techniques. Avast also discovered a previously undocumented RAT used … Read more